const express = require('express');
const router = express.Router();
const qx = require("../../../utils/qx");

const { mysql, localStorage, md5 } = require("../../../utils/require")
router.get("/", async(req, res) => {
    let Permission = await qx.pbulic_qx(req.session.users.id);

    if (Permission.indexOf(1) > -1) {
        let sql = "select username,DATE_FORMAT(datetime,'%Y-%m-%d  %H:%i:%s') as datetime from `admin` where is_delete=0";
        mysql.query(sql, (err, doc) => {
            res.send({
                data: doc,
                qx: localStorage.getItem("qx")
            })
        })

    } else {

        mysql.query("select username,DATE_FORMAT(datetime,'%Y-%m-%d  %H:%i:%s') as datetime from `admin` where username = ? and is_delete=0", req.session.users.username, (err, doc) => {
            res.send({
                data: doc,
                qx: localStorage.getItem("qx")
            })
        })
    }
})
router.post("/addadmin", async(req, res) => {
    let { username, password } = req.body;
    let Permission = await qx.pbulic_qx(req.session.users.id);
    if (Permission.indexOf(1) > -1) {
        let pwd = md5(md5(password).substr(2, 8) + md5(password));
        mysql.query("select username from `admin` where username = ? and is_delete = 0", username, (err, doc) => {
            if (err) {
                throw err
            }

            if (doc.length == 0) {
                mysql.query("select * from `admin` where username =? and is_delete = 1;", username, (err, data) => {
                    if (err) {
                        throw err
                    }
                    if (data.length == 0) {
                        //添加

                        let sql = "insert into `admin` (username,password) values (?,?)";
                        mysql.query(sql, [username, pwd], (err, data) => {
                            if (err) {
                                throw err
                            }
                            res.send({
                                code: 200,
                                messages: "添加账号成功"
                            })

                        })
                    } else {
                        //更新0
                        mysql.query("update `admin` set is_delete = 0 ,password = ?,datetime= now() where  username = ?", [pwd, username], (err, data) => {
                            if (err) {
                                throw err
                            }
                            res.send({
                                code: 200,
                                messages: "添加账号成功"
                            })
                        })


                    }

                })

            } else {
                res.send({
                    code: -3,
                    messages: "账号已存在"
                })
            }
        })


    } else {
        res.send({
            code: 400,
            messages: "没有权限"
        })
    }

})


router.post("/deladmin", async(req, res) => {
    let { username } = req.body;
    let Permission = await qx.pbulic_qx(req.session.users.id);
    if (Permission.indexOf(1) > -1) {
        let sql = "update `admin` set is_delete = 1 where  username = ?"
        mysql.query(sql, username, (err, doc) => {
            if (err) {
                throw err
            }
            res.send({
                code: 200,
                messages: "删除成功"
            })

        })

    } else {
        res.send({
            code: 400,
            messages: "没有权限"
        })
    }

})



router.post("/rolesQX", async(req, res) => {
    let { username } = req.body;
    let Permission = await qx.pbulic_qx(req.session.users.id);
    if (Permission.indexOf(1) > -1) {
        let sql = "select role_name ,qx from `role_qx`  where username= ?";
        mysql.query(sql, username, (err, doc) => {
            res.send({
                code: 200,
                data: doc
            })
        })
    } else if (username == req.session.users.username) {
        mysql.query("select role_name ,qx from `role_qx`  where username = ?", req.session.users.username, (err, doc) => {
            res.send({
                code: 200,
                data: doc
            })
        })
    } else if (username != req.session.users.username) {
        res.send({
            code: 400,
            messages: "没有权限查看",
            data: []
        })
    } else {
        res.send({
            code: 400,
            messages: "没有权限查看",
        })
    }

})



router.post("/rolesqxFP", async(req, res) => {
    let Permission = await qx.pbulic_qx(req.session.users.id);
    let { username, fpqx } = req.body;
    if (Permission.indexOf(1) > -1) {
        console.log(fpqx)
        if (fpqx.length == 0) {
            mysql.query("delete  from  `role_qx` where username = ?", [username], (err, doc) => {
                if (err) {
                    return console.log(err);
                }
                res.send({
                    code: 200,
                    messages: "权限设置成功"
                })
            })
        } else {

            function sql() {
                return new Promise((resolve, reject) => {
                    for (let i in fpqx) {
                        mysql.query("delete  from  `role_qx` where username = ?", [username], (err, doc) => {
                            if (err) {
                                return console.log(err);
                            }
                            let sql = "insert into `role_qx` (role_name,username,qx,user_id) VALUES ((select role_name from `roles` where qx=?),?,?,(SELECT id from `admin` WHERE username = ?))";
                            mysql.query(sql, [fpqx[i], username, fpqx[i], username], (err, data) => {
                                if (err) {
                                    return console.log(err);
                                }
                                resolve({
                                    code: 200,
                                    messages: "权限设置成功"
                                })

                            })


                        })

                    }
                })
            }

            let sql2 = await sql();
            res.send(sql2)
        }

    } else {
        res.send({
            code: 400,
            messages: "没有权限"
        })
    }
})



router.post("/setpassword", async(req, res) => {
    const { username } = req.body;
    let Permission = await qx.pbulic_qx(req.session.users.id);
    if (Permission.indexOf(1) > -1) {
        let pwd = md5(md5("123456").substr(2, 8) + md5("123456"))
        let sql = "update  `admin` set password = ? where  username =  ?";
        mysql.query(sql, [pwd, username], (err, data) => {
            if (err) {
                throw err;
            }
            res.send({
                code: 200,
                messages: "密码重置成功"
            })

        })
    } else {
        res.send({
            code: 400,
            messages: "没有权限"
        })
    }
})
module.exports = router;